Reversible Barbed Congruence on Configuration Structures * 


Clement Aubert 

INRIA 

Universite Paris-Est, LACL (EA 4219), UPEC, E-94010 Creteil, France 
clement.aubertOlacl.fr 

loana Cristeseu 

Univ. Paris Diderot, Sorbonne Paris Cite, P.P.S., UMR 7126, F-75205 Paris, France 
ioana.cristescuOpps.univ-paris-diderot.fr 


A standard contextual equivalence for process algebras is strong barbed congruence. Configuration 
structures are a denotational semantics for processes in which one can define equivalences that are 
more discriminating, i.e. that distinguish the denotation of terms equated by barbed congruence. 
Hereditary history preserving bisimulation (HHPB) is such a relation. We define a strong back and 
forth barbed congruence using a reversible process algebra and show that the relation induced by the 
back and forth congruence is equivalent to HHPB, providing a contextual characterization of HHPB. 


Introduction 


A standard notion of equivalence for process algebras identifies processes that interact the same way with 
the environment. Reduction congmence |7 | is a standard relation that equates terms capable of simulating 
each other’s reductions in any context. However observing only the reductions is a too coarse relation. A 
predicate, called a barb, is then defined to handle an extra observation on processes: the channel on which 
they communicate with the environment. 

Configuration structures—also called stable families \ 12| or stable configuration structures |4]—are 
an extensional representation of processes, which explicit all possible future behaviours. It consists of 
a family of sets, where each set is called a configuration and stands for a reachable state in the run of 
the process. The elements of the sets, called events, represent the actions the process triggered so far. 
The inclusion relation between configurations stands for the possible paths followed by the execution. 
The encoding of terms of the Calculus of Communicating Systems (CCS)—a simple process algebra—in 
configuration structures 112, 4] settled configuration structures as a denotational model for concurrency. 

Configuration structures are “true concurrency” models, as opposed to process algebras, wbicb use 
an interleaving representation of concurrency. It is bard to deduce in an interleaving semantics the 
relationships between events, such as whether two events are independent or not, whereas they are explicit 
or easily inferred in a truly concurrent semantics. 

On such structures, the equivalence relations defined are more discriminating: it is possible to move 
“up and down” in the lattice, whereas in the operational semantics, only forward transitions have to 
be simulated. As an example, consider the processes a.Ojh.O and a.b.O + b.a.O that are bisimilar in 
CCS but whose causal relations between events differ. In particular we investigate hereditary history 
preserving bisimulation (HHPB), which equates structures that can simulate each others’ forward and 
backward moves. It is the canonical equivalence on configuration structures as it respects the causality 
and concurrency relations between events and admits a categorical representation |5|. 
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Reversibility allows to define HHPB in an operational setting, by simply adding to processes the 
capability to undo previous computations. A term can then either continue its forward execution or 
backtrack up to a point in the past and resume from there. Reversible process algebras are interesting 
in their own right [6, 11, but we focus in this paper on their capability to simulate the back-and-forth 
behaviour of configuration structures. To ensure that the backward reduction of CCS indeed corresponds 
to the backward moves of its denotational representation, one has to prove that the labelled transition 
system is prime |8 |. It was already done for CCSK 19|, a reversible calculus that has a causal consistent 
backtracking machinery. In this paper we use RCCS [2J a causal consistent reversible variant of CCS 
whose syntax is given in Sect. 1.1 

In reversible calculi one is also interested in a contextual equivalence for processes. Traditional 
equivalences, defined only on forward transitions, are inappropriate for processes that can do back-and- 
forth reductions. Strong back-and-forth bisimulation |6| is more adapted but it is not contextual. Hence 
we introduce the barbed back-and-forth congruence on RCCS terms (Sect. 1.2) which corresponds to the 
barbed congruence of CCS except that backwards reductions are also observed. 

Conhguration structures (Sect. 2) lacks a notion of contextual equivalence, because the context 
is a notion specihc to the operational semantics. Hence it makes sense to consider context only for 
configuration structures that represent an operational term (Sect. 3). We introduce in Sect. 4 the correct 
notions and relations on those structures. The contextual equivalence on processes induces a relation on 
the denotation of these processes and this relation corresponds to HHPB (Sect. 5). 

Similarly to the proof in CCS, the correspondence between a contextual equivalence and a non 
contextual one necessits to approximate hhbp with (a family of) inductive relations defined on configuration 
structures. If we are interested only in the forward direction (as in CCS), the inductive reasoning starts 
with the empty set, and constructs the bisimilarity relation by adding pairs of conhguration reachable 
in the same manner from the empty set. However, to approximate hhbp, we need to have an inductive 
reasoning on the backward transition as well (Dehnition 15). These relations are of major importance to 
prove our main theorem (Theorem 1), as they re-introduce the possibility of an inductive reasoning thanks 
to a stratihcation of the HHPB relation. 

Hhpb is equivalent to strong bisimulation on reversible CCS 110|, thus it can be characterised as a 
non contextual equivalence on processes. One can then prove the main result of the paper by showing 
that in RCCS strong bisimulation and strong barbed congruence equate the same terms. We chose to use 
conhguration structures instead, as we plan to investigate weak equivalences on reversible process algebra 
and their correspondence in denotational semantics. 

Our work is restrained to processes that forbid some sort of auto-concurrency (see Remark 1) and that 
are “collapsed” (Dehnition 10): we need to uniquely identify open conhgurations using only the label and 
the order of the events. The “equidepth auto-concurrency” 110 | does not help. 


1 RCCS syntax and bisimulation 

RCCS is a reversible variant of CCS, that allows computations to backtrack, hence introducing the notions 
of forward and backward transitions. A mechanism of memories attached to processes store the relevant 
information to eventually do backward steps. 

In a sequential setting backtracking follows the exact order of the forward computation. This is too 
strict for a concurrent calculus where independent processes can hre independent actions. The order of 
these actions in the forward direction is just temporal and not causal, and thus it should be allowed to 
backtrack them in any order. On the other hand, too much liberty in backtracking could allow the system 
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y=a II a || ... a,j3 

m:=0 II Y .m || {i,a,P).m 
P,Q:=0 II a.P II a.P + p.Q || P\Q || {a)P 
R,S:=m\>P II R\R || {a)R 

Figure 1: RCCS processes grammar 


7 II T (Actions) 

(Memories) 
(CCS processes) 
(RCCS processes) 


to access states that were not reachable with forward transitions alone. 

1.1 RCCS syntax 

Notations 1. Let N = ... } a set of names, I = {i,j, ...} a set of identifiers. An action is an input 

(resp. output) on a channel a, labelled a (resp. a), or a synchronisation with the label {a,a), sometimes 
denoted T. Each action a has a dual written a, we let a = a and f = T. Denote L = {a, j3,..} the set of 
labels. 

CCS processes are build using prefix, sum, parallel composition and restriction. RCCS processes, also 
called monitored processes, are built upon CCS processes by adding a memory m that acts as a stack of 
the previous computations. Each entry in the memory is called an event and has a unique identifier. The 
usual 131 RCCS processes grammar is recalled in Figure 1 A memory (/, a,P) contains an “identifier” i 
fhaf “tags” transitions: it is especially useful in the case of synchronisation (both forward and backward), 
for it identifies which two processes interact. The label a marks which action has been fired (in the case 
of a forward transition), or what action should be restored (in the case of a backward move). Finally, P 
saves the whole process that has been erased when firing a sum. The “fork symbol” T marks that the 
memory of a parallel composition has been split down to the two parts of the parallel composition. It was 
handled with (1) and (2) (Left- and Right-fork) in previous work [2. p. 295]. 

We can easily retrieve a CCS process from an RCCS one by erasing the memories: 

E{m>P)=P e{R\S) = e{R)\e{S) e{{a)R) = {a)e{R) e{R + S) = e{R) + eiS) 

Structural congruence on monitored processes is the smallest equivalence relation up to uniform renaming 
of identifiers generated by the following rules: 

P ^ Q m\> {P\Q) = (Y.m \> P\Y .mt> Q) 

d) t> P = d) t> Q fn\> {a)P = {a)m \> P with a ^m 

The left rule implies that all equivalence for CCS processes holds for RCCS processes with an empty 
memory. The right rules respectively distributes the memory between two forking processes (top) and 
moves the restrictions at the process level (bottom). 

i'Ct 

The labelled transition system (LTS) for RCCS is given by the rules of Figure 2. In the transitions —)■ 
(resp. ^) for the forward (resp. backward) action, we have that / G 7 is the event identifier, \{m) (resp. 

I(S)) is the set of identifiers occurring in m (resp. in S). We use -» as a wildcard for or and if 

i\'.ai in'.a„ 

there are indices /i,..., and labels such that 7?i -» ... -» /?„, then we write 7?i /?„. We 

sometimes omit the identifier or the label in the transition. The trace is unique up to renaming of the 
indices. 
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r‘^R' a4a Rx=R^R!=R!^ 

— res. ^ —, 

[a)R'^(a)R! Ry'^R!^ 

-^- act.* 

(/,a,2).m > P ^ m > a.P + 2 

The rule act. and act* apply iff i ^ l(m), the rule par. applies iff / ^ 1(5). 

Figure 2: Rules of the LTS 


i\y i\y 

R^R' S' 

P|5^P'|5' 


syn. 


r.a 

R^R' 


par. 


R\S^R'\S 
- act. 


m > a.P+Q (/, a, Q).m\> P 


When a prefix is consumed we add in the memory an event consisting of an unique identifier, the 
label consumed and the discarded part of the non-deterministic sum. Then backtracking removes an 
event at the top of a memory and restores the prefix and the non-deterministic sum. Synchronization, 
forward or backward (syn), requires the two synchronization partners to agree on the event identifier and 
trigger the transitions simultaneously. The requirement that / ^ l(S) for the parallel composition (par.) 
ensures the uniqueness of the event identifiers in the forward direction and prevents a part of a previous 
synchronization to backtrack alone in the backward direction. 

Example 1.1. The process Y.(/,a,a'.O).0i>P | (y,j8,j8'.O).0c>2 highlights that not all syntactically 
correct processes have an operational meaning. This term cannot be obtained by a forward computation 
from a CCS process, somehow “its memory is broken”. Without Y, one could backtrack to 0 > a.P+a'.O | 
0 > j8.2 + jS'.O, but this terms violate the structural congruence. 

The semantically correct processes are called coherent and are defined as follows: 

Definition 1 (Coherent process and Or). A RCCS process R is coherent if there exists a CCS process P 
such that 0 > P —)■* R. This process P is unique up to structural congruence and we write it Or. 

Backtracking is not deterministic, but it is noetherian and confluent [3, Lemma 1], hence the unique¬ 
ness. Actually, coherence of processes comes from the coherence relation defined on memories [2, 
Definition 1] and implies that in a coherent term, memories are unique. Moreover, coherence is preserved 
by transitions and structural congruence. 

1.2 A contextual equivalence for RCCS 

Let us now revisit the barbed congruence of CCS |7| in the case of RCCS. For that we need the right 
notions of context and barb in the reversible setting. 

Choosing the right notion of context is subtle. A context has to become an executable process 
regardless of the process instantiated with it. We can distinguish three types of contexts: with an empty 
memory, with a non empty but coherent memory (i.e. the context can backtrack up to an empty memory 
regardless of the process instantiated with) or with a non coherent memory. The later is left as future 
work, while the first two are equivalent: we will only, w.l.o.g., consider contexts without memory. 

Definition 2 (CCS Context). A context is a process with a hole: C :=[ ] || a.C || C-l-P || C|P || {a)C 

We can only instantiate a context with an RCCS process R if the process has an empty memory, i.e. 
P = 0 > P. We use the notation C[0 > P] to denote the process 0>C[P]. 

Definition 3 (Strong commitment (barb)). We write R if there exists i G I and R' such that R R'. 
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% ^2 ^3 ^4 



{^2,^2} 


{^’3,^3} 

{e4,e',} {e'fe'f} 

/ \ 

T 

T 

T 

T T 


{^2} 

Kl 

{^3} Kl 

{^4} {<} 

\ / 

\ / 

\ / 

\ / 

0 

0 

0 

0 

l\{ei) = a, 

£2(^2) = ^2(40 = 

£3(^3) =f{el) =a, 

Uief) = Uie'f) = a, 

II 

£2(4) =b 

h{e'^)=b 

U{e'^)=U{e'f) = b 


Figure 3: Four examples of configuration strutures 


Definition 4. A strong back-and-forth barbed bisimulation is a symmetric relation on coherent processes 
^ such that if R S, then 


R^Xr' ^ 35' s.t. 5 S' and R' S' (Back) 

rXI^r' ^ 35 ' s.t. S ^ S' and R' S' (Forth) 

R S ia . (Barbed) 

We write R^^ S and dehne the strong back-and-forth barbed congruence if S and for all context 
C[-],C[Or] ~"C[05]. 

Lemma 1. S Or Os- 

The proof is straightforward. The converse does not hold as R and S can be any derivative of Or. 


2 Configuration structures 

We use configuration structures 112,41 as a denotational semantics for processes. We recall the definitions 
and the operations necessary to encode processes, and refer to Winskel’s work for the proofs. 

Notations 2. Let £" be a set, C be the usual set inclusion relation and C be a family of subsets of E. For 
X EC we say that X is compatible and write X t*'"- if 3y G C finite such that Vx G X, x C y. 

Definition 5. A configuration structure {E,C) is a set E and C C fP{E) satisfying: 


Vx G C, Ve G X, 3z G C finite s.t. e €z and z C x 
Vx G C,\/e,e' G x, ffef^e then 3z G C,z C x and (e G z e ^ z) 

VX C C andX UX G C 
Vx,y G C, ifxUy G C thenxHy G C 


(finitness) 
(coincidence freeness) 
(finite completness) 
(stability) 


A labelled configuration structure if = {E,C,i) ^ configuration stmcture endowed with a labelling 

function i : E ^ L. All configurations structures from now on will be supposed to be labelled. 

The elements of E are called events and subsets of C configurations. Intuitively, events are the actions 
occurring during the run of a process, while a configuration represents a state reached at some point. 
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Example 2 . 1 . In Figure 3, the configuration structure have two events ei, e[, with labels respectively 
a and b, that are concurrent. Conhguration {ei} then corresponds to the process that bred action a. Its 
only possibility is then to fire b and reach the state {ei,e\}. A process corresponding to this structure is 
a.O\b.O. The configuration structure "^2 corresponds to a process where the events labelled respectively a 
and b are causally dependent, as in a.b.O + b.a.O. 

Tbe conhguration structure corresponding to a process P is dehned inductively on the syntax of P. 
Hence the encoding of a process is built from the encoding of its parts, unlike other models such as 
process graphs (or prime graphs) for CSSK 19|. Moreover, conhguration structures are compositional 
in the sense that we can compose conhguration structures into new structures. Compositionality is an 
important feature as it allows us to reason on the context of a process. 

Henceforth we detail how the operations of process algebras are translated on conhguration structures, 
which in some cases have a nice categorical interpretation. While the underlying category theory is not 
used in the paper, it can help in understanding how these structures behave. 

Definition 6 (Category of labelled conhguration structures). A morphism of labelled conhgurations 
structures/: {Ei,C\,l\) —)• {E 2 ,C 2 ,i. 2 ) is a partial function on the underlying sets / : Ei —>•£'2 that is: 

Vx G Ci,f{x) = {f{e) I e G x} G C 2 (conhguration preserving) 

Vx G Ci,Vci,C 2 £ x,f{ei) = f{e2) ei = 62 (locally injective) 

Vx G Ci,Vc G x,f’i(c) =i 2 if{e)) (label preserving) 

The conhguration structures and their morphisms form a category. 

Definition 7 (Operation on conhguration structures 112|). We let ‘€\ = [E\^C\^l\), ^2 = {E2,C2,(-2) be 
two conhguration structures, set £* = £ U {*} and dehne the following operations: 


Product Dehne the product o/'^i and ^2 as x ^ 2 . for = {E,C,£), where £ = £j^ x £2 is the 

product on sets with the projections Tii, 712 and 


' G Cl and 7t2{x) G C 2 , 


xGC 


< TTi : and 712 : ^ "^2 are morphisms, 


X satishes (hnitness) and (coincidence freeness). 


The labelling function i is dehned as i{e) = {i\ (ci),^ 2 (^ 2 ))> where 7i\ (e) = ei and 7r2(^) = ^ 2 - 


Coproduct Dehne the coproduct o/'^i and ^2 as +"^ 2 , for = (£,C,£), where £ = ({1} x 

£1) U ({2} X £ 2 ) and C = {{1}xx|xGCi}U {{2} x x | x G C 2 }. The labelling function i is dehned as 
(.{e) = ii{ei) when c,- G Ei and 7r,(c;) = e. 

Restriction Let £' C £. Dehne the restriction of a set of events as (£,C,f)j£' = {E' ,C' f) where 
x' G C X G C,x C £'. The restriction of a name is then {E,C,£)]Ea where Ea = {e £ E \ i{e) f- 
T,a G ^(c)}. 

Prefix Dehne the prefix operation on configuration structures as a.{E,C,i) = {eL)E,C' ,i'), for c / £ 
where x' G C 3x G C,x' =xUe and i'{e) = a, and V£ / e, i'{e') = t{e'). 
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Relabelling Define the relabelling of a configuration structure = {Ei,C\,ii of), where ^ is a 

labelling function. 

Parallel composition Define ||'^2 = ((‘^i x ^2) of)]E where i is defined as follows 

i{a)=a i(z) = z £{a,d) = £{d,a) = z £{z,a) = £{a,z) =0 £{a,b) = £{b,a) =0 

and for x ^2)°^ = {E' ,C' ,£') we have the set E = {e ^E' \ £'{e) 7 ^ 0}. 

In configuration structures {E,C,£) we denote v —^ f the configurations x,x' G C such that x = 

x' U {e} and with x' x the symmetric relation. We use x' -» x for either x —^ x' or x' x: if £{e) = a, 
a / 

we sometimes write x ^ x . 

Definition 8 (Partialorder). LetxGCandci,e 2 Gx. Thenci <;tC 2 iffVx 2 GC,X 2 Cx,C 2 £-^2 £■’^ 2 - 

If ^1 ^2, we say that e\ happens before e2 or that ei causes e2 in the configuration x. Morphisms on 

configuration structures reflect causality: if tt : ‘^1 —)> '^2 and for ei,e2€x andx G C\, if ‘K{e\) <jt{x) ^(^ 2 ) 
then Cl <xe 2 . 

Definition 9 (Substructure). {Ei,Ci,£i) C {E2,C2,£2) iff E\ C E2,C\ C C 2 and £\ = £2\ei- 

3 Encoding RCCS in configuration structures 

We start by encoding a CCS term into configuration structures and show an operational correspondence 
between the term and its encoding. Intuitively, the configuration structure of a process without memory 
depicts all its possible future behaviour. We also introduce a notion of context for configuration structures. 
Then we proceed to encode a RCCS term. A reversible process can do backward transitions but only 
up to a point: until it reaches the empty memory. We encode then a RCCS terms as an “address” in the 
configuration structure of its origin. This allows us to encode both the past and the future of a process in 
the same configuration structure. However the syntax of a process is not informative enough, hence we 
restrict the encoding to a class of processes. Lastly we show an operational correspondence for RCCS 
terms and their encoding. 

3.1 Encoding CCS 

We start by encoding a term without memory, that is a CCS term. We do so by structural induction on the 
term using the operations defined previously (Definition 7): 

[[AIP2]] = mm]] [[A +A]] = m] + m m= a.ri iva-p]] = [[pm 

Note that this encoding and its correspondence with CCS was first proposed by Winksell 1121. 

To show a strong bisimulation between a CCS process and its encoding, we introduce the following 
transformation of a configuration structures representing, intuitively, the structure we obtain after a 
transition: {E,C,£)\x= {E',C',£']E') with E' = UC'andx'^C' 3y G C,x C y andx'= y\x. 

Intuitively, \ x is the configuration resulting from the suppression of the events of x in all configura¬ 
tions of if. We call minimal (with respect to the partial order in Definition 8) an event whose singleton is 
a configuration. 

Proposition 1 . Letx be a configuration in if, then f\x is a configuration structure. 
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Proposition 2 (Strong bisimulation between a CCS process P and [[P]]). 

IfP Q then 3 e G [P]] minimal s.t. t{e) = a and [[2]] = JP]] \ {e} (Soundness) 

Ve G [[P]] minimal, 32 s.t. P Q and [[2]] = [[P]] \ {e} (Completeness) 

cc 

Proof. We show this by induction on the derivation P —)■ Q for (Soundness ) and by structural induction 
on [[P]] for (Completeness). □ 

We cannot define a notion of context for configuration structures in general, as it is not clear wbat a 
configuration structure with a hole would be. However, if a configuration structure ^ has an operational 
meaning, i.e. if 3P a CCS process such that ^ = [[P]], we can use a CCS context C[-] that we instantiate 
with P. 

When reasoning on contexts in CCS, it is common to distinguish between the part of a transition fired 
by fhe confexf alone and fhe par! fired by fhe process. In fhe operafional seffing, one can easily decompose 
fbe ferm C[P] fbanks fo fbe rules of fbe LTS. We need a similar reasoning for fbe term [[C[P]]], bence we 

affacb fo fbe confexf C[-] and process P a projection morphism nc,p • [[C[P]]] [[P]] thaf can refrieve fhe 

parfs of a configuration in [[C[P]]] fhaf belong fo [[P]]' 

Morphisms do nof preserve causalify in general. In fhe case of a producf we can show fhaf all 
causalities are due fo one of fhe fwo configuration sfrucfures. 

Proposition 3 . Letx G x '^ 2 - Then e <x e' either K\{e) ^i(^0 or K2{e) <n^(x) 

Wifhouf much difficulfy fhe resulf can be extended fo say fhaf in [[C[P]]], causalify appears due fo 
eifher fhe causalify in C[-] or fhe causalify in P: a confexf can add buf cannof remove causalify in fhe 
process ll j. 

3.2 Encoding RCCS 

A RCCS ferm corresponds fo a configurafion in fhe configurafion sfrucfure of ifs origin. We can use fhe 
pasf execution, fhaf is fhe memory of R fo poinf fo a configurafion buf if is nof discriminatory enough. 
Consider fhe process 0 > a.O + a.b.O —)■ R whose configurafion sfrucfure is '^3 in Figure 3. To determine 
which of fhe configurafions labelled a correspond to R we have fo consider fhe fufure of R as well. 

Hence we choose a configurafion fhaf respecfs fhe pasf and fhe fufure of R, buf fhis is sfill nof enough. 
Consider fhe process a.b.O + a.b.O whose configurafion is ^2 in Figure 3 For fhe frace 0\> a.b + a.b b 
fhere is no way fo choose befween fhe fwo configurafions labelled a. From now on, we consider only 
RCCS processes for which fhe underlying CCS process has fhe properly fhaf collapse (P) = P, where 
collapse is defined below. 

Definition 10 (Collapse). 

collapse(a.P +a.2) = a.collapse(P), if collapse(P) = collapse(2) collapse(a.P) =a.collapse(P) 
collapse (a.P + j 8 .2) =«. collapse (P) + jS. collapse (2) collapse((fl;)P) =(a)collapse(P) 

collapse(a.P|a.2) = a.collapse(P), if collapse(P) = collapse(2) collapse(O) = 0 
collapse(P| 2) = collapse(P) | collapse(2) 

*The formal definitions and the missing proofs can be found in Appendix A 
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Hence each process points to a unique configuration, enabling us to encode the past behaviour without 
difficulty. Thus we dehne an “address” function that, given the configuration structure of the process’s 
origin and a trace to the process we want to encode, returns the configuration corresponding to the current 
state. 

Definition 11 (Encoding RCCS processes in conhguration structures). Given R a RCCS process, its 
encoding [[R]] is defined as fhe couple ([[Oi?]],ad[[o^]]( 0 ,OR —^*^))> where 


adjo^]](^,Ri -^R2 —^*R3) = ad[[o^j(.rU{4,R2 —^*-^ 3 )) if < 


'xU{e} £ [[Or]] 
and 

Ue(«2)l£(IOJ\(j(UW)) 


Let US show that the encoding is correct, and in particular that the function ad is well defined. 
Proposition 4 (Soundness of the RCCS encoding). Let R be a process, then 3\x £ [[Or]] such that 

R) =^- 

The proof, presented in Appendix A, proceeds by induction on the trace, uses Proposition 2 and the 
collapsing hypothesis (Definition 10). 

Let us now define a fransifion relafion on configuration structures, useful in showing the operational 
correspondence between terms of RCCS and their encoding. 

Definition 12 (Transition in configuration structures). Define ([[R]],x) ([[P]],xU{c}) forxUje} G [[P]]. 

i\a a 

Lemma 2 (Operational correspondence). 1. ifR S then [[P]] ^ [[S]]; 

2. let [[P]] = (^,x); if {^,x) (^,xU {c}) then 35, such that for some i £ I fresh, R ^ S and 

PE = (^,xU{e}). 


R 

i'(X 

Proof 1. As P —)■ S, Or = O 5 and we are in the following situation: 

Or = Os 

We have that [[S]] = ([[Or]],^^), where = adjo^j (0, Or — S) = ad|o^]](0,OR —C RS) = 

xrU{c}. As [[P]] = ([[Or]],xr) it follows that ([[Or]],xr) ([[^rEas)- The proof for the backward 

direction is similar except that it uses the trace up to P. 

2. Prom fif,x) {^,xU{e}) we have that xU{c} G Then {e} £'^\x. Prom [[P]] = {'Tf,x) we 
have that if\x= [[e(P)]], hence {e} £ [[e(P)]]. We use Proposition 2 and obtain that 3P such that 

l!{e) 

e(P) —)> P. Then due to the strong bisimulation between a RCCS term and its corresponding CCS 

i'.Oi 

term |2|, we have that, for some /, R^ S. That [[S]] = fif,xU{e}) follows from a similar argument 
as in 1 . above. □ 


4 Definition of Bisimulations 

In this section we adapt to configuration structures the definitions of barb and strong back-and-forth barbed 
bissimulation on RCCS terms (Definition 3 and Definition 4). We define hereditary history preserving 
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bisimulation, show that they “translate” the sister notion on RCCS terms (Lemma 3), and use two family 
of relations, denoted F, and to inductively approximate the bisimulation (Lemma 4 ). 

Definition 13. A strong back-and-forth barbed bisimulation on labelled configuration structures is a 
symmetric relation C Ci x C 2 such that (0,0) G 1 %, and if (xi,X 2 ) G then 

xi ^ x[ 3^2 G C2 s.t. X2 ^ X'l, with t\{e\) = £2(^2) = T and (x),X2) £ (Back) 

x\x\ 3 x 2 G C2 s.t. X2X2, with -('i(ei) = £2(^2) = T and (x'i,X2) G (Forth) 

if 3 ei G Ei s.t. ii{e{) / T and xi x\ then 3 x 2 ^ ^2 s.t. X2 x' 2 , with f'i(ei) = ^2(^2)- (Barbed) 


Let "^1 ‘fi ’2 if and only if there exists a strong back-and-forth barbed bisimulation between and ‘^ 2 - 

Denote a symmetric relation on terms that have an operational meaning such that if [[Pi]] rsj ^ [[^ 2 ]] 
thenVC,[[C[Pi]]]~M[C[F 2 ]]]. 

Let us now show that the relation in Dehnition 13 is the relation induced by the barbed congruence on 
processes. 

Lemma 3. P 5 =► [[^(Or)]] [[^(Os)]] and [[P]] [[2]] =► P Q- 


Proof. Both case are similar : 


P 5 ^ Os 

e{OR) e{Os) 

VC[-],C[£(0«)] ~"C[£(05)] 

^ VC[.],[[C[£(0«)]]]~-[[C[£(05)]]] 

^ [[£(Or)]] MOs)]] 


(By Lemma 1) 

(As e(0 t> P) = P) 

(By Definition 4) 

(By the Soundness part of Proposition 2) 

(By Definition 13) □ 


Definition 14. A hereditary history preserving bisimulation on labelled configuration structures is a 
symmetric relation C Ci x C 2 x x E 2 ) such that (0,0,0) G and if (xi,X2,/) G then 


/ is a label and order preserving bijection between xi and X 2 
xi x\ =► 3x2 ^ C' 2 S.t. X 2 X 2 and / = /']xi, (x( ,X2,/0 G 
xi -w x\ => 3x2 ^ C' 2 S.t. X 2 X 2 and andf = /]x 2 , (x( ,X2,/0 G 

We dehne bisimilarity, denoted 1p\ ~ ^ 2 > as the greatest hereditary history preserving bisimulation on 
labelled configuration structures. 

Note that ~ ^2 is an abuse of notation as ~ is a relation defined on Ci x C 2 x ,^(Pi x E 2 ). Due fo 
fhe resfricfions imposed on fhe conhgurafion sfrucfures (see Remark 1) fhere is a unique mapping befween 
evenfs for fhe greafesf hhp bisimulafion. 

We can give an inductive characterisation of HHPB by reasoning on tbe structures up to a level: we 
ignore the configurations that have greater cardinality then the considered level. Hhpb is then the relation 
obtained when we reach tbe top level. Hence we can detect, whenever two conhguration structures are 
not hhp bisimilar, at which level the bisimulation does no longer hold. We do this with the aid of the two 
following functions. 
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Definition 15 (Fi, Bi). Given ^2 two configuration structures, we let k be the cardinal of the largest 
configuration of and define, for all x\ G Ci, JC2 G C 2 and / a label and order-preserving function: 

{ Card(xi) = Card(x 2 ) = i, f any label and order-preserving function if i = k 
Vxj ,-^2 s-t. (xj,:r 2)/0 ^ ■^'+1 elsewhere 

' {xi,X 2 ,f) e Fi if/ = 0 

Vx'i, 3 x 2 )-^1 ^ Xx^X 2 ^ X 2 and /' = f\X 2 s.t. (xj ,X 2 ,f ) G F ,-1 n Bi 1 elsewhere 


(xi,X2,/) G 
ixi,X2,f) GB/44> 


The relation is built on top of Ff. it “tests for the backward steps” all the couples that “passed 
the forward test”. It should be remarked that, with this definition, C F,, but, at the price of slight 
modifications, one could define Ft on top of S,. 

Example 4.1. Consider ^3 and '^4 of Figure 3, the relations F„ are enough to discriminate them: 


F2={{e-i,e'2},{eA,e^})\{{e-i,e2},{eie^}) Fi =({^3}, {^4}); ({^3}, M}) ^0=0 


This intuitively is due to the fact that forward transitions are enough to discriminate a + a.b and a.b + a.b. 
However for comparing the processes a \ b and a.b + b.a whose configurations are and '^2 of Figure 3, 
we need the backward moves as well: 


F2={{e\,e\},{e2,e2})\{{ei,e\}\{e2,e2}) Fx =({ei}, {^ 2 }); {4}) ^o=(0,0) 

B2=0 Bx={{ex],{e2])-,{{e'xy,{e'i]) fio=Eo=(0,0) 

The following proposition states that pairs of configurations are in a bisimulation relation if they have 
the same cardinality. It follows from the fact that any configuration is reachable from the empty set and 
that they have to mimic each other’s step in the backward direction. 

Proposition 5. Let '^1 ~ ^2 cind xx G ^ 1 , X2 G '^ 2 - 7f 3 / such that (xi,X2,/) G {~} then Card(xi) = 
Card(x 2 ). 

We are going to prove a fine lemma that will be handy to prove Theorem 1 It implies that if for all 
n^k the maximal cardinal considered, F„r\Bny= 0 , then nS„) is a bisimulation. 

Lemma 4. For all iFx, ^ 2 , lf^\ ~ ‘*^2. then Vxi G '^i( 3 x 2 G ^ 2 , 3 /, (xi,X 2 ,/) G F„r\B„) ( 3 x 2 £ 

‘^ 2 , 3 /,(xi,X 2 ,/) G~). 


Proof. Let us denote the relation ~. One should first remark that 'fax ~ ^2 implies that Vxi G '^x ■, 3 x 2 £ 
'^ 2 . and 3/ such that (xi,X2,/) G as (0,0,0) G M and all configurations are reachable from the empty 
set. The reader should notice that the X2 G ‘^2 and / on both sides of the symbols may be different. 
We prove that statement by induction on the cardinal of xx- 


Card(xi) = 0 

X2 G "^2 s.t. (0,X2,/) G M follows by the definition of the bisimulation from X2 = 0 and f = %. 

By definition, Fq flBo = Fq- Since there exists X2 G ^2 such that (0,X2,/) G we know that any 
forward transition made by 0 can be simulated by a forward transition from X 2 , and that the elements 
obtained are in the relation iff. By an iterated use of this notion, we can find “maximal” elements 
X™ G and xf G *^2 (that is, elements of maximal cardinality, k) such that (x™,X2 j/™) G By 
Proposition 5, x™ and x™ have the same cardinality, and (x'”,x™,/'”) G F^. By just “reversing the 
trace”, we can go backward and stay in relation F until i = 0 , hence we found the X 2 and / we were 
looking for. 

^All the configurations we manipulate here are finite. In an infinite setting, this bound can be viewed as a way to define an 
“up to k steps bisimulation”. 
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C?lxA{xi ) = + 1 As Card(xi) > 0, we know there exists x\ such that x\ -w x\. 

=> Let X 2 and / such that {x\,X 2 ,f) G ^1 +1 H i. We know that 

Vxj, 3x2 f ,xi -w Xi ,X 2 ^ X 2 and (xj ,X 2 ,f') G (By Definition of B),) 

3 x2, f, ^ (By Induction Hypothesis) 

And as x\ x \, there exists 2^2 and f" such that {xi,X 2 G 

We prove it by contraposition: suppose that 3x2,/ such that (xi,X 2 ,/) G we prove that Vx 2 , 
(xi,X2,/) ^ 7/+1 leads to a contradiction. 

As (xi,X 2 ,/) G 3 xj,X2 ,/' such thatxi ^ x\, X 2 ^ x '2 and (xj,X 2 ,/') G M. By induction hypoth¬ 
esis, 3x2 ’^Bat (xj,X 2 ,/") G Fk(3Bk. As Xj xi, 3x2^ and 3/'" such that X 2 x '2 

and {xi,x' 2 ,f''') G i/+i, by definition of 

So {x\,x '2 ,f"') ^ B/t+ 1 , but as xi x^ and X 2 " X 2 , and as moreover (xj,X 2 ,/") G we 

have that {x\,x '2 ,f"') G Bt+i- 

From this contradiction we know that we found the right element (X 2 O that is in relation with x\ 
according to 1 n 5*,+ 1 . □ 


5 Correspondence between HHPB and Strong Barbed Congruence 

In this section we use the relations defined in Sect. 4 to show that two processes are barbed congruent 
whenever their denotations are in the HHPB relation (Theorem I). One direction is straightforward 
(Proposition 6), whereas the other is more technical and, as in CCS |7|, follows by contradiction. It uses 
the relations F, and 5, (Definition 15) to build contexts that discriminate processes that are not hi similar. 

Remark 1 (On auto-concurrency and others limitations). In the proofs that follow we need to uniquely 
identify configurations based on the labels and orders of the “open” (i.e. non synchronized) events. This 
is not possible in processes as a.P \ a.Q or a.P + a.Q. Auto concurrency |4, Definition 9.5] forbids the 
first kind of processes. But we need a stronger condition, a sort of auto conflict, to forbid the second, 
that is not ruled out by the collapse function (Definition 10). Hence in the following we do not consider 
processes that exhibit auto concurrency or auto conflict. 

The problem is specific to the encoding in configuration structures. It appears in the encoding of 
Winskel [12], and is treated thanks to tags that discriminates between the right- and the left-hand side 
of the sum and of the product [13]. Hence we can retrieve the whole class of processes by adding more 
information on the labels, at the cost of a more cumbersome presentation. 

Proposition 6. [[A]] ~ [[F 2 ]] ^ VC,[[C[Fi]]] ~ [[C[F 2 ]]] 

The proof, exposed in Appendix A, amounts to carefully build a relation between [[C[Fi]]] and [[C[F 2 ]]] 
that reflects the known bissimulation between [[Fi]] and [[F 2 ]]. Its uses that causality in a product is the 
result of the entanglement of the causality of its elements (Proposition 3). 

Theorem 1. [[A]] ~ [[A]] ^ [[A]] [[A]] 

Proof. The left-to-right direction follows from the definition of ~ (Definition 14) and from Proposition 6 
We prove the other direction by contraposition: let us suppose that [[Fi]] "" [[F 2 ]] and [[A]] rf [[F 2 ]], we 

will find a contradiction. Figure 4 presents the general shape of the configurations at the end of the proof. 
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For i G {1,2}, we have: 


^C,P^ 


^C'.C[Pi] 



[[/^•]] 





We start with j 1 ~ 3 ^ 2 , then prove that ~^ ^ 2 > 1° up with (vj,^ 2 >/) ^ F„r\ Bn. 

Figure 4: Configurations Structures by the end of the proof of Theorem 1 


As [[Pi]] rf, [[P 2 ]], by Lemma 4, there exists vi G [Pi]] such that Vv 2 G [[P 2 ]], {x\ ,X 2 ,f) ^ FnCiBn holds. 
Note that we can only consider X 2 such that Card(xi) = Card(x 2 ) = n, and that we use the projections 
Ttc.p (Definition 16) to separate the events of the process P from the events of the context C. 

Let us show that for any xi we can define C[-] := lie,ex, (^(^0 +<^e,)l['] where Cg,. ^ N(Pi) U N(P 2 ), 
such fhaf fhe following holds 

• 3yi G [[C[Pi]]] such fhaf yi is closed, 7rc,p, (yi) = xi and yi }/ce, for all c,- G xi ; 

• We supposed thaf [Pi]] [P 2 ]], so [[C[Pi]]]~'"[[C[P 2 ]]]. Hence 3y2 G [[C[P 2 ]]] such fhaf iyi,y 2 ,g) G 

and y 2 for all c; G xi. 

Moreover we show fhaf {x \, TTc.Pi (^ 2 ),/) G P„, for some / a label and order preserving bijecfion. 

Lef us sfarf by showing fhaf such an / exisfs. 

We denofe 7tc.Pi {yi ) wifh X 2 - We have fhaf Vc i, cj G xi, and C 2 G X 2 , 


€2 G X 2 e\ G X 2 and f{e]) = ^'(^ 2 ) 


( 1 ) 


P\ <xi Pi —^ ^c,Pi(^i) 

—^ si^c.Pi (^ 1 )) ^>'2 §(^c,Pi(^i)) 


( 2 ) 

( 3 ) 


Remark fhaf (1) follows from y 2 and from fhe fad fhaf if y 1 is closed we can show by confradicfion 
fhaf y 2 is closed as well. Secondly, (2) follows from Proposition 3 and from fhe form of fhe confexf, which 
does nol induce any causalify befween the events. Lastly, (3) follows from g being an order preserving 
bijection between yi andy 2 . 

We proceed by induction to show that {x\,X 2 ,f) & Fn. 

• lfn = kfork the maximal cardinal of events in [Pi]]. This case is trivial, as Card(xi) = Card(x 2 ) = k. 

• If n = k — 1 for k > 1, we prove that {x\,X 2 ,f) ^ P/t-i leads to a contradiction. There are two cases: 



( 4 ) 

( 5 ) 
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The implication (4 ) is easier: if 3^2, x' 2 , then, as a context cannot remove transitions from 

the original process, 33 : 2 , 3^2 y^- [[^[-^ 2 ]]] [[^[A]]]? 3 / 2 , 3 :! y\, and a similar argument 

on the context shows that 3xj,xi /. Hence a contradiction. 

To prove (5) requires more work and uses the induction hypothesis. First, let C'[-] := C[-]\{i{e\) + 
Cej). By induction hypothesis, there exists Zj G [[C^[A]]] such that Zj is closed, ,c[Pi\{^i) =y'\ 

Zj /cg; and Zi /cej for all e, G xi. 

By hypothesis, [[Fi]] [[P 2 ]], hence [[C'[Pi]]] [[C'[F’ 2 ]]] implies that 3z2,/z' such that Z 2 G [[C'[F 2 ]]] 

and Z2 /cg, and Z 2 for all e; G xi. 

Let us denote the projection 7rc',c[P2] (^ 2 ) y'l- closed, so is z/ We can infer using the fact 

that Z 2 is closed and that Z 2 /Qj that 3/2 £ /2 such that £{€ 2 ) = f(ci) and y 2 \ {^ 2 } is closed. 
From Z 2 /ce, we have that 3^2 /cg, . As there exists a label and order preserving hijection h' between 
z'l and z/ and as we forbid auto concurrency and “ambiguous” non deterministic sum (Remark 1), 
we conclude that Kc,P 2 {y'i) = ^'2 7lc',P2 /z) = ■^ 2 - 

Then we have Kc.Pi (/) = / j (4) = -^ 2 ’ ^’^d by induction hypothesis, (xj ,x//) G F*. But as 
xi x\ and X 2 x/ we have that (xi ,X 2 ,/) G Fyi_i, hence a contradiction. 

To prove that (xi,X 2 ,/) G we use induction, the base case {n = 0) being trivial. The step case goes 
along the line of (and uses) the proof that (xi ,X 2 ,/) G F„. □ 


Conclusion 

We showed that, for a restricted class of RCCS processes (without recursion, auto-concurrency or auto¬ 
conflict) hereditary history preserving bisimilation has a contextual characterisation in CCS. We used the 
barbed congruence defined on RCCS as the congruence of reference, adapted it to configuration structures 
and then showed a correspondence with HHPB. As a proof tool, we defined two inductively relations that 
approximate HHPB. Consequently we have that adding reversibility into the syntax helps in retrieving 
some of the discriminating power of configuration structures. 

This work follows notable efforts |9, 6| to understand equivalences for reversible processes. There 
are many interesting continuations. A first one as suggested in the introduction, is to move to weak 
equivalences, which ignore silent moves T and focus on the observable part of a process. This is arguably 
a more interesting relation than the strong one, in which processes have to mimic each other’s silent 
moves. Even if such a relation on configuration structures exists 111 j one still has to show that this is 
indeed the relation we expect. In the denotational setting, the adjective “weak” has sometimes [10, 4] a 
different meaning: it stands for the ability to change the label and order preserving hijection as the relation 
grows, to modify choices that were made before this step. 

The relations defined so far simulate forward (resp. backward) transitions only with forward (resp. 
backward) transitions, and only consider “forward” barb. Ignoring the direction of the transitions could 
introduce some fruitful liberality in the way processes can simulate each other. Depending on the answer, 
a + z.b and a + b would be weakly bisimilar or not. Moreover one can also consider irreversible moves 
and understand what are the meaningful equivalences in the setting of transactions [3 |. 

Context—which plays a major part in these equivalences—raises questions on the memory handling 
of RCCS: what about context that could “fix the memory” of an incoherent process? For instance, 
C = (l,a,0) > P '\[•] and P = (l,d,0) > P" are incoherent, but C[P] is coherent and can backtrack. 

One can easily retrieve auto concurrency and auto conflict by tagging the transitions. Bisimulations 
have then to consider the tags. Maybe of less interest but important for the generality of these results, one 
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should include infinite processes as well. This needs a rework of the relations in Definition 15 used to 
approximate the HHPB. 

Acknowledgement We would like to thank D. Varacca and J. Krivine for the very useful discussions as 
well as the referee for his helpful remarks. 
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A Appendices 

A.l Additional Definition 

Definition 16 (Context for configuration structures). Let P a CCS a process and C[-] a context. Then 7lc,p 
is as the projection morphism 7ic,p ■ |IC[P]]] —)• [P]] defined inductively on the structure of [[C[P]]]: 

• 7ic.p ■ [[a.C'[P]]] —)• [[P]] is defined as 7ic.p{e) = 7i:c',p{e)', 

• 7ic,p ■ [[C^[P]|Pl] —^ [[P]] is defined as 7ic,p{e) = 7lc',p{7li{e)), where 7ii : [[C'[P]|P']] —)• [[C'[P]]] is fhe 
projection morphism defined by the product; 

• 7ic,p : [[C'[P] +P']] JP]] is defined as 7ic,p{e) = 7lc',p{7li{e)), where TTi : [[C'[P] +P']] [[C'[P]]] 

is the projection morphism defined by the coproduct; 

• Tlc.p ■ [[(a)C'[P]]] [[P]] defined as 7lc,p{e) = Tic,pie). 

That the projection tTc.p : [[C[P]]] [[P]] is a morphism follows by a simple case analysis. We naturally 

extend 7ic.p to configurations. 

A.2 Proof of Proposition 4 

Proof. Without loss of generality, the trace Or —R can be considered to be only forward: every 
reversible trace can be re-arranged as a succession of backward moves followed by a succession of 
forward moves [2, Lemma 10], but Or cannot go backward. We proceed by induction on the trace 
Or — R. Let adjoK](0,Oi? — R) = for x„ G [[Or]] and such that [[e(P)]] = [[^(Or)]] \x„. We have 
to show that 

ad|o^]](0,OR —A R-^Rn+i) =x„U{4 andx„U{4 G [[Or]], with [[e(Pn+i)]] = [[Or]] \ (x„U{4)- 

We have that ad[jo^|(0,OR —R P„+i) = ad[[o^|(x„,P P„+i) and that [[e(P)]] = [[Or]] \ 

Xn. We want to show that for R P„+i ,3!{c} G [[^(P)]] such that [[e(P„+i)]] = [[e(P)]] \ {e}. We 
consider only the case a = a, the rest is similar. We rewrite R= (bi... bn)im\ \>a.P\ \ P 2 ) and P„+i = 
[bi.. .b„)im\\> P\ I P 2 ) and hence e(P) = .. .f>„)(a.Pi | P 2 ) and e(P„+i) = (Z^i.. .Z7„)(Pi | P 2 ). We 

want to show that 3!c G [[Or]] \x„ such that £(c) = a and 

[[£(P„+i)]] = [[£(Or)]]\(xUW). 

But [[e(OR)]] \ (xU {c}) = [[e(P)]] \ {e}. Hence it is enough to show that 3\e G [[^(P)]] such that £(e) = a 
and 

[[£(P„+l)]] = [[£(P)]]\W 

which is equivalent to show that 

Pi...^„)(Pi IP 2 )]] = [[(^ 1 ...^„)(«.Pi IP 2 )]] \ W- 

From Proposition 2 such an event exists and its uniqueness follows from the collapsing hypothesis 
(Definition 10). 

Let us prove that if x G [[(fii... bn)iP\ \ P 2 )]] then x G [[(fii... b„)ia.Pi \ P 2 )]] \ {e}. The other direction 
is similar. Let us unfold the definition of the encoding. We have the following equalities: 


Pi . . .^(Pl I P2)]] = (^1 . . .^([[Pl]] X [[P 2 ]]) 1 X 
lib,...b„)ia.P, I P2)]] = ib,...b„)ia.lP,l X [[P2]])]F 
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[[A]] = (A,Cl,A) [[A|< 2 ]] = {E[AA) = ([[A]] X [[e]])1Xi 



[[P2]] = (C2,c2,a) [[Ale]] = {E'^AAi) = ([[A]] X [[e]])ix2 

Figure 5: Configurations Structures by the end of the proof of Proposition 6 
If^G(Z.i...A)([[A]]x[[P 2 ]])lXthen 


$e £ x,£{e) e {b,b,0}. (6) 

Hence ;c G ([[Pi]] x [[^ 2 ]])- Let Tii, 712 the two projections defined by the product. Then 

TTi (x) G [[A]] and 712 (x) G [[P 2 ]]- (7) 

As 7ri(x) G [[Pi]], and from the definition of [[a.Pi]] we have that 3e\, l{e\) = a and such that {ei} U 
7ri(x) Ga.[[Pi]]. From Equation 7 we have that 3x2 £fl:.[[Pi]] x [[P 2 ]] such that 7ri(x2) = {ei}U7ri(x) and 
— A(7c)- Hence 3\e such that 7ti{e) = ei, 7t2(e) = x and X 2 = {e} Ux. From Equation 6 we 
have that X 2 £ {b\.. .ti„)(a.[[Pi]] x [[P2]])1T- Erom the definition of [[Or]] \ {e} we infer that if xU {e} G 
{b :... A)(«.[[Pi]] X [[P2]])1F thenx G lA ... A)(fl.A | A)]] \ {4- 

Erom [[e(P)]] = [[Or]] \ x„, we have that Vy G [[^(P)]], 3y Ux„ G [[Or]]. In particular x„ U {e} £ [[Or]]. 
Hence adjo^l(0, Or — >* R-A Rn+i) =x„U{4 with [[£(P„+i)]] = [[Or]] \ (x„ U {e}). □ 

A.3 Proof of Proposition 6 

Proof. We only consider the following case: 

VA,P 2 ,[[A]] ~ [[A]] ^ V(2,[[Pi|(2]] ~ [[Ale]] 

As [[A]] [[P 2 ]], there exists Pf a hereditary history preserving bisimulation (HHPB) between [[Pi]] 

and [[P 2 ]]. Figure 5 introduces the variables names and types. 
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Define ^ C[ x C 2 x x £’ 2 ) as follows: 


(>’ 1 D 2 ,/c) 


{ni{yi),n2{y2),n\o f) e M 

fc{e) = {Til of{e)),7i2{e)) ey2 for alleGyi 


Informally {yi,y2,fc) is in the relation Me if there is {x\,X2,f) in M such that Xi is the first projection 
of y,' and such that/c satisfies the property: for {ei,eq) G E[, fc{ei,eq) = {f{ei),eq) and {f{ei),eq) G 
Let us show that Me is a HHPB between {E[, C[ , £[) and {E2 , C2, f2) • 

. ( 0 , 0 , 0 ) G^,; 

• For (yi,y2j/c) G ^ we show that fe is label and order preserving bijection. We have that fe is 
defined as fe{e) = (tTi o f (e)), 712(e)), for some / label and order preserving bijection such that 
i 7 ti{yi), 7 i 2 (y 2 ),niof) eM. 

That fe is a bijection follows from / a bijection. 

Lete Gyi with 7 ri(e) =eu 7 i 2 {e) = eq,tben fe(e) = {f{ei),eq) for somes.t. ( 7 r(yi), 712(3^2),/) e 
M. We have that/j(e) = (£i(ei),t'g(e^)), hence 

^2{Me)) = £2{f{ei),eq) = {£2{f{ei)),£Q(eq)) 

As / is label preserving we get £'2(fe(e)) = (£\(e\),£Q(eq)), hence £'i(e) = £'2(fe(e)). 

Let us now show that for e,e' Gyi, if e <y, e' then/c(e) <3,2 fc{e')- We denote 7 i\{e) =ei, 712(e) = eq 
and Til (e') = e\, 7 l 2 (e') = e'^. Then from Proposition 3 

e e y 61 or 6 q ^;j2(3’i) eq (8) 

We consider the case where e\ / i^ order preserving we have that f(ei) <n^(y2) fie)). 

Then (f(e\),eq) <X2 (/(e)),^^, as the projections are order reflecting. 

• Let (yi,y2,fc) £ andyi — >y'\,y'i =Ji U{e"}. We consider only the case when Ki(e") =e'[ 7^*, 
7^2 (e”) = e" 7^= * as the rest is similar. From the definition of the projections tti (y 1), Tii (yj) G C[ and 
as TTi (e”) = e'{ 7^ we have that tti (yj) = tti (yi) U {e"}. We reason similarly on 712 (yi) and get 

e" e" 

7 i\(y\)-^ Til(y\) and 712 (y 1) ^ 712 (y'l)■ ( 9 ) 


From Equation 9 and as (tti (yi), 7r2(y2),/) G M, by definition of Me, we have that 

e" 

3/2 S.t. TTi (y2) X 2 = X2 U {^ 2 } 


( 10 ) 


and 

f =fU{e'[^e'i] (11) 

such that (x'j ,V 2 ,/') G M. From Equation 9 and Equation 10 we have that 3y2 G ([[P 2 ]] x I^g]]) with 
7ri(y2) =x' 2 ,7i2(y2) = ^ 2 (y\) and 3^ Gy 2 ,7ri(4) =4> ^2(4) = ^r 

Let us show that y^ ^ X 2 . We have that y^ ^ X 2 . As i(e”) and £(e”) are compatible, then so are 
£(€ 2 ) and £(e”), hence y 2 U {(^ 2 ,^’^')} i ^ 2 - 

Remains to show (y\,y 2 ,fc) where= feLi{E( We have that (7ri(yj),7ri(y2),/') ^Me 

and from Equation 11 that 7i\of^ = f. □ 


